
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian LTS: DLA-1692-1 Moderate: phpMyAdmin Data Exposure

Package: phpmyadmin
Version: 4:4.2.12-2+deb8u5
CVE ID: CVE-2019-6799
Debian Bug: 920823

An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. When the AllowArbitraryServer configuration setting is set to false (default), the attacker needs a local MySQL account. When set to true, the attacker can exploit this with the use of a rogue MySQL server.

For Debian 8 "Jessie", this problem has been fixed in version 4:4.2.12-2+deb8u5.

We recommend that you upgrade your phpmyadmin packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

An information leak issue was discovered in phpMyAdmin allowing unauthorized file access.

LinuxSecurity.com Team

Feb 27, 2019 Debian LTS

SUSE: 2019:0126-1 Important: Openssh Remote Access Issues

SUSE Security Update: Security update for openssh

Announcement ID: SUSE-SU-2019:0126-1
Rating: important
References: #1121571 #1121816 #1121818 #1121821
Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111
Affected Products:
- SUSE Linux Enterprise Module for Server Applications 15
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
- SUSE Linux Enterprise Module for Desktop Applications 15
- SUSE Linux Enterprise Module for Basesystem 15

An update that fixes four vulnerabilities is now available.

Description:

This update for openssh fixes the following issues:

Security issues fixed:

- CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571)
- CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816)
- CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818)
- CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-126=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-126=1
- SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-126=1
- SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-126=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 openssh-fips-7.6p1-9.13.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.13.1 openssh-cavs-debuginfo-7.6p1-9.13.1 openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1
- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.13.1 openssh-askpass-gnome-debuginfo-7.6p1-9.13.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.13.1 openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 openssh-helpers-7.6p1-9.13.1 openssh-helpers-debuginfo-7.6p1-9.13.1

References:

https://www.suse.com/security/cve/CVE-2018-20685.html
https://www.suse.com/security/cve/CVE-2019-6109.html
https://www.suse.com/security/cve/CVE-2019-6110.html
https://www.suse.com/security/cve/CVE-2019-6111.html
https://bugzilla.suse.com/1121571
https://bugzilla.suse.com/1121816
https://bugzilla.suse.com/1121818
https://bugzilla.suse.com/1121821

sle-security-updates mailing list
http://lists.suse.com/mailman/listinfo/sle-security-updates

Severity: Important.

LinuxSecurity.com Team

Jan 18, 2019 Important SuSE

Fedora 23 Moderate: libXv Security Update for Out-Of-Bounds Access

Fedora Update Notification
FEDORA-2016-3b41a9eaa8
2016-11-01 08:56:12.224455

Name: libXv
Product: Fedora 23
Version: 1.0.11
Release: 1.fc23
URL: https://www.x.org/wiki/
Summary: X.Org X11 libXv runtime library
Description: X.Org X11 libXv runtime library

Update Information:

Security fix for CVE-2016-5407

References:

[ 1 ] Bug #1381931 - CVE-2016-5407 libXv: Insufficient validation of server responses results in out-of bounds accesses
https://bugzilla.redhat.com/show_bug.cgi?id=1381931

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libXv' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

package-announce mailing list

A patch for libXv in Fedora 23 tackles CVE-2016-5407, enhancing server reliability for improved application performance.

LinuxSecurity.com Team

Nov 01, 2016 Fedora

Red Hat 7.1, 7.2 Advisory RHSA-2003:064-01 Moderate: XFree86 Access Issue

Red Hat Security Advisory

Synopsis: Updated XFree86 4.1.0 packages are available
Advisory ID: RHSA-2003:064-01
Issue date: 2003-06-25
Updated on: 2003-06-25
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHBA-2002:068
CVE Names: CAN-2001-1409 CAN-2002-0164 CAN-2002-1510 CAN-2003-0063 CAN-2003-0071

1. Topic:

Updated XFree86 packages that resolve various security issues and additionally provide a number of bug fixes and enhancements are now available for Red Hat Linux 7.1 and 7.2.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64

3. Problem description:

XFree86 is an implementation of the X Window System, which provides the graphical user interface, video drivers, etc. for Linux systems.

Since the last XFree86 update for Red Hat Linux 7.1 and 7.2, a number of security vulnerabilities have been found and fixed. In addition, various other bug fixes, driver updates, and other enhancements have been made.

Security fixes:

Xterm, provided as part of the XFree86 packages, provides an escape sequence for reporting the current window title. This escape sequence essentially takes the current title and places it directly on the command line. An attacker can craft an escape sequence that sets the victim's Xterm window title to an arbitrary command, and then reports it to the command line. Since it is not possible to embed a carriage return into the window title, the attacker would then have to convince the victim to press Enter for the shell to process the title as a command, although the attacker could craft other escape sequences that might convince the victim to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0063 to this issue.

It is possible to lock up versions of Xterm by sending an invalid DEC UDK escape sequence. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0071 to this issue.

The xdm display manager, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1510 to this issue.

These erratum packages also contain an updated fix for CAN-2002-0164, a vulnerability in the MIT-SHM extension of the X server that allows local users to read and write arbitrary shared memory. The original fix did not cover the case where the X server is started from xdm.

The X server was setting the /dev/dri directory permissions incorrectly, which resulted in the directory being world writable. It now sets the directory permissions to a safe value. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-1409 to this issue.

Driver updates and other fixes:

The Rage 128 video driver (r128) has been updated to provide 2D support for all previously unsupported ATI Rage 128 hardware. DRI 3D support should also work on the majority of Rage 128 hardware.

Bad page size assumptions in the ATI Radeon video driver (radeon) have been fixed to allow the driver to work properly on ia64 and other architectures where the page size is not fixed.

A long-standing XFree86 bug has been fixed. With this bug, any form of system clock skew (such as NTP clock synchronization, APM suspend/resume cycling on laptops, daylight savings time changeover, or even manually setting the system clock forward or backward) could result in odd application behavior, mouse and keyboard lockups, or even an X server hang or crash.

The S3 Savage driver (savage) has been updated to the upstream author's latest version "1.1.27t", which should fix numerous bugs reported by various users, as well as adding support for some newer savage hardware.

Users are advised to upgrade to these updated packages, which are not vulnerable to the previously-mentioned security issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.1:
SRPMS:
i386:

Red Hat Linux 7.2:
SRPMS:
i386:
ia64:

6.
Verification:

These packages are GPG signed by Red Hat for security. Our key is available from Product Signing Keys - Red Hat Customer Portal

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

7. References:

CVE-2001-1409
CVE-2002-0164
CVE-2002-1510
CVE-2003-0063
CVE-2003-0071

8. Contact:

The Red Hat security contact is . More contact details at All Red Hat products

Copyright 2003 Red Hat, Inc.

New enhancements in XFree86 software tackle various issues effectively. Ensure that your Fedora Linux setup remains secure and current.

LinuxSecurity.com Team

Jun 27, 2003 Red Hat